]> granicus.if.org Git - sudo/log
sudo
8 years agoAvoid using !strcmp()
Todd C. Miller [Fri, 3 Jun 2016 19:58:12 +0000 (13:58 -0600)]
Avoid using !strcmp()

8 years agoSSSD doesn't handle netgroups, we have to ensure they are correctly filtered
Todd C. Miller [Thu, 2 Jun 2016 16:47:39 +0000 (10:47 -0600)]
SSSD doesn't handle netgroups, we have to ensure they are correctly filtered
in sudo. The rules may contain mixed sudoUser specification so we have to
check not only for netgroup membership but also for user and group matches.
Adapted from a patch from Daniel Kopecek.

8 years agoReturn PAM_CONV_ERR from the conversation function if getpass returns
Todd C. Miller [Wed, 1 Jun 2016 20:48:31 +0000 (14:48 -0600)]
Return PAM_CONV_ERR from the conversation function if getpass returns
NULL or the user pressed ^C.

8 years agoMake base64 decoding table-driven.
Todd C. Miller [Wed, 1 Jun 2016 18:43:02 +0000 (12:43 -0600)]
Make base64 decoding table-driven.

8 years agoBack out cfa26b99228f, it was already fixed differently.
Todd C. Miller [Wed, 1 Jun 2016 18:38:53 +0000 (12:38 -0600)]
Back out cfa26b99228f, it was already fixed differently.
Caught by regress checks.

8 years agoAllow double-quoted groups and netgroups to be part of a Defaults spec.
Todd C. Miller [Tue, 31 May 2016 19:50:38 +0000 (13:50 -0600)]
Allow double-quoted groups and netgroups to be part of a Defaults spec.
From Daniel Kopecek.

8 years agoThe sudoers.ldap manual is installed in section 4 or 5, not 1m or 8.
Todd C. Miller [Tue, 31 May 2016 19:17:38 +0000 (13:17 -0600)]
The sudoers.ldap manual is installed in section 4 or 5, not 1m or 8.
Also fix the section for ldap.conf cross-references.

8 years agoFix copy pasta, "sudoNotAfter" not "sudoNotBefore".
Todd C. Miller [Tue, 31 May 2016 19:14:30 +0000 (13:14 -0600)]
Fix copy pasta, "sudoNotAfter" not "sudoNotBefore".
Add missing word "order" in a sentence describing sudoOrder.

8 years agoFor sudo -ll (long list) print the SSSD role just like we do
Todd C. Miller [Tue, 31 May 2016 19:07:31 +0000 (13:07 -0600)]
For sudo -ll (long list) print the SSSD role just like we do
for the LDAP backend.  Adapted from sudo-1.8.6p3-sssdrulenames.patch

8 years agoSetting timestamp_timeout less than zero only lasts until the
Todd C. Miller [Tue, 31 May 2016 18:57:08 +0000 (12:57 -0600)]
Setting timestamp_timeout less than zero only lasts until the
next reboot.  Adapted from a RedHat patch.

8 years agosync with translationproject.org
Todd C. Miller [Tue, 31 May 2016 18:31:40 +0000 (12:31 -0600)]
sync with translationproject.org

8 years agofputs() is now specified as returning non-negative on success, not
Todd C. Miller [Wed, 25 May 2016 20:50:05 +0000 (14:50 -0600)]
fputs() is now specified as returning non-negative on success, not
explicitly zero.  Fixes a failure on glibc.

8 years agoDon't try to dereference replies[] if it is a NULL pointer.
Todd C. Miller [Wed, 25 May 2016 20:48:52 +0000 (14:48 -0600)]
Don't try to dereference replies[] if it is a NULL pointer.

8 years agosudo_version should be unsigned
Todd C. Miller [Wed, 25 May 2016 14:44:53 +0000 (08:44 -0600)]
sudo_version should be unsigned

8 years agosync with translationproject.org
Todd C. Miller [Wed, 25 May 2016 14:41:45 +0000 (08:41 -0600)]
sync with translationproject.org

8 years agoKorean translation for sudo and sudoers from translationproject.org.
Todd C. Miller [Wed, 25 May 2016 14:41:27 +0000 (08:41 -0600)]
Korean translation for sudo and sudoers from translationproject.org.

8 years agoIgnore PAM_SESSION_ERR from pam_open_session() since this can
Todd C. Miller [Wed, 25 May 2016 14:33:57 +0000 (08:33 -0600)]
Ignore PAM_SESSION_ERR from pam_open_session() since this can
apparently happen on systems using Solaris-derived PAM.  Other
errors from pam_open_session() are treated as fatal.  This avoids
the "policy plugin failed session initialization" error message
seen on some systems.

8 years agoDon't read from stdin when flushing final buffers in blocking mode.
Todd C. Miller [Tue, 24 May 2016 17:16:44 +0000 (11:16 -0600)]
Don't read from stdin when flushing final buffers in blocking mode.
Reading from the pipe can block too if the other end is not closed.

8 years agoMention visudo -x change.
Todd C. Miller [Mon, 23 May 2016 17:32:01 +0000 (11:32 -0600)]
Mention visudo -x change.

8 years agoThere's no need to escape forward slashes in JSON output. While
Todd C. Miller [Mon, 23 May 2016 17:29:17 +0000 (11:29 -0600)]
There's no need to escape forward slashes in JSON output.  While
it is legal to escape a forward slash, it is not required.

8 years agoDocument that in 1.8.12 sudo started being able to check the NIS
Todd C. Miller [Mon, 23 May 2016 17:21:34 +0000 (11:21 -0600)]
Document that in 1.8.12 sudo started being able to check the NIS
domain on Solaris.

8 years agoBetter description of the I/O logging pipe issue.
Todd C. Miller [Fri, 20 May 2016 17:00:18 +0000 (11:00 -0600)]
Better description of the I/O logging pipe issue.

8 years agoIn del_io_events(), avoid reading from the pty master in blocking
Todd C. Miller [Fri, 20 May 2016 16:17:23 +0000 (10:17 -0600)]
In del_io_events(), avoid reading from the pty master in blocking
mode.  We now do two passes, one with SUDO_EVLOOP_NONBLOCK and
another that could block if stdin is a pipe.  This ensures we consume
the pipe until EOF.

8 years agoImprove debug info in sudo_ev_add() and sudo_ev_del()
Todd C. Miller [Fri, 20 May 2016 16:14:38 +0000 (10:14 -0600)]
Improve debug info in sudo_ev_add() and sudo_ev_del()

8 years agoIn pty_close(), call del_io_events with the SUDO_EVLOOP_ONCE flag
Todd C. Miller [Fri, 20 May 2016 14:12:46 +0000 (08:12 -0600)]
In pty_close(), call del_io_events with the SUDO_EVLOOP_ONCE flag
so the event loop will exit after a single run through.  Otherwise,
we may hang at exit on non-BSD systems.

8 years agoregen
Todd C. Miller [Wed, 18 May 2016 20:31:04 +0000 (14:31 -0600)]
regen

8 years agoBump I/O buffer size to 64K. We don't use PIPE_BUF or _PC_PIPE_BUF
Todd C. Miller [Tue, 17 May 2016 14:31:23 +0000 (08:31 -0600)]
Bump I/O buffer size to 64K.  We don't use PIPE_BUF or _PC_PIPE_BUF
for this because that corresponds to the value for atomic pipe
writes.  The actual pipe buffer is much larger on modern systems
and 64K is what BSD and Linux support for large pipe buffers.

8 years agoI/O logging bug fix
Todd C. Miller [Tue, 17 May 2016 14:19:21 +0000 (08:19 -0600)]
I/O logging bug fix

8 years agoDon't use SUDO_EVLOOP_NONBLOCK when flushing buffers at pty close
Todd C. Miller [Tue, 17 May 2016 14:16:43 +0000 (08:16 -0600)]
Don't use SUDO_EVLOOP_NONBLOCK when flushing buffers at pty close
time, only when the user suspends sudo.  Fixes a problem where all
buffers might not get flushed at exit when logging I/O.  Reproducible
via "sudo tar cf - foo | (cd /tmp && sudo tar xf -)" on OpenBSD.

8 years agoDon't try to fflush(export_fp) or ferror(export_fp) if export_fp
Todd C. Miller [Mon, 16 May 2016 20:16:08 +0000 (14:16 -0600)]
Don't try to fflush(export_fp) or ferror(export_fp) if export_fp
is NULL, which can happen on the error path.

8 years agoO_NOCTTY has no effect when opening /dev/tty as the open can only
Todd C. Miller [Mon, 16 May 2016 17:17:20 +0000 (11:17 -0600)]
O_NOCTTY has no effect when opening /dev/tty as the open can only
succeed if there is already a controlling tty.

8 years agoDo not need to open /dev/tty with O_NONBLOCK, it doesn't block on
Todd C. Miller [Mon, 16 May 2016 17:12:54 +0000 (11:12 -0600)]
Do not need to open /dev/tty with O_NONBLOCK, it doesn't block on
first open like a physical terminal.  By definition, if you have a
controlling tty, the first open (which might block) has already
occurred.

8 years agoUse O_NOCTTY when opening a tty.
Todd C. Miller [Mon, 16 May 2016 17:00:31 +0000 (11:00 -0600)]
Use O_NOCTTY when opening a tty.

8 years agoregen
Todd C. Miller [Mon, 16 May 2016 16:29:30 +0000 (10:29 -0600)]
regen

8 years agoNo need to set pass to NULL after freeing at the end of the loop
Todd C. Miller [Mon, 16 May 2016 16:18:31 +0000 (10:18 -0600)]
No need to set pass to NULL after freeing at the end of the loop
it since it is already set to NULL each time through the loop.

8 years agoSELinux fixes in 1.8.17.
Todd C. Miller [Sun, 15 May 2016 01:40:12 +0000 (19:40 -0600)]
SELinux fixes in 1.8.17.

8 years agoCheck fprintf() return value in writeln_wrap() and return the number
Todd C. Miller [Sun, 15 May 2016 01:38:23 +0000 (19:38 -0600)]
Check fprintf() return value in writeln_wrap() and return the number
of characters actually written, or -1 on error.

8 years agoCheck fputs() return value.
Todd C. Miller [Sun, 15 May 2016 01:34:42 +0000 (19:34 -0600)]
Check fputs() return value.

8 years agoDo not write directly to stdout/stderr, use sudo_printf which calls
Todd C. Miller [Sun, 15 May 2016 01:34:13 +0000 (19:34 -0600)]
Do not write directly to stdout/stderr, use sudo_printf which calls
the conversation function.

8 years agoDo not write directly to stdout/stderr, use sudo_printf which calls
Todd C. Miller [Sun, 15 May 2016 01:33:28 +0000 (19:33 -0600)]
Do not write directly to stdout/stderr, use sudo_printf which calls
the conversation function.

8 years agoUse ferror() after fflush() to check the error status of the stdio
Todd C. Miller [Sun, 15 May 2016 00:48:20 +0000 (18:48 -0600)]
Use ferror() after fflush() to check the error status of the stdio
stream we wrote to.

8 years agoprintf() returns < 0 on error, not explicitly -1
Todd C. Miller [Fri, 13 May 2016 20:48:00 +0000 (14:48 -0600)]
printf() returns < 0 on error, not explicitly -1

8 years agoRegen for 1.8.17
Todd C. Miller [Fri, 13 May 2016 18:02:53 +0000 (12:02 -0600)]
Regen for 1.8.17

8 years agoDocument that you need to preserve EDITOR and/or VISUAL for env_editor
Todd C. Miller [Fri, 13 May 2016 18:02:23 +0000 (12:02 -0600)]
Document that you need to preserve EDITOR and/or VISUAL for env_editor
to be useful.

8 years agoFix last commit, now that argc is not reset we need to explicitly
Todd C. Miller [Fri, 13 May 2016 12:40:59 +0000 (06:40 -0600)]
Fix last commit, now that argc is not reset we need to explicitly
start the copy from argv[1].  From Daniel Kopecek

8 years agocosmetic change to warning string
Todd C. Miller [Thu, 12 May 2016 16:35:06 +0000 (10:35 -0600)]
cosmetic change to warning string

8 years agoAvoid adding an extraneous warning string to sudoers.pot.
Todd C. Miller [Thu, 12 May 2016 16:33:32 +0000 (10:33 -0600)]
Avoid adding an extraneous warning string to sudoers.pot.

8 years agoUse EOVERFLOW, not ENOMEM for overflow conditions.
Todd C. Miller [Thu, 12 May 2016 16:07:59 +0000 (10:07 -0600)]
Use EOVERFLOW, not ENOMEM for overflow conditions.
For snprintf() and vsnprintf(), POSIX says we should return -1 and
set errno to EOVERFLOW if the size param is > INT_MAX; also zero
out the string in this case (not mandated by POSIX) for safety.

8 years agoNow that pam_open_session() failure is fatal we should print and log
Todd C. Miller [Wed, 11 May 2016 21:01:45 +0000 (15:01 -0600)]
Now that pam_open_session() failure is fatal we should print and log
an error from it.  Bug #744

8 years agoRepair SELinux support, broken by 397722cdd7ec.
Todd C. Miller [Wed, 11 May 2016 20:02:43 +0000 (14:02 -0600)]
Repair SELinux support, broken by 397722cdd7ec.
From Daniel Kopecek.

8 years agoRemove sudo_mkpwcache() and sudo_mkgrcache(). We now create the
Todd C. Miller [Wed, 11 May 2016 15:40:31 +0000 (09:40 -0600)]
Remove sudo_mkpwcache() and sudo_mkgrcache().  We now create the
caches as needed on demand.  Also remove calls to sudo_freepwcache()
and sudo_freegrcache() that are immediately followed by execve(),
they are not needed.

8 years agoEliminate use of setpwent()/endpwent() and setgrent()/endgrent().
Todd C. Miller [Wed, 11 May 2016 13:06:45 +0000 (07:06 -0600)]
Eliminate use of setpwent()/endpwent() and setgrent()/endgrent().
Sudo never iterates over the passwd or group file.
Rename sudo_set{pw,gr}ent() -> sudo_mk{pw,gr}cache() and
use sudo_free{pw,gr}cache() instead of sudo_end{pw,gr}ent().

8 years agoRemove unnecessary NULL checks in the RUNAS_CHANGED macro. The
Todd C. Miller [Tue, 10 May 2016 12:32:55 +0000 (06:32 -0600)]
Remove unnecessary NULL checks in the RUNAS_CHANGED macro.  The
only place where the pointers could be NULL is in visudo_json.c but
we already check for "next" being NULL there.  Quiets a cppcheck
warning.

8 years agoIn replay_session() free iov at the end of the function (if needed)
Todd C. Miller [Mon, 9 May 2016 20:54:26 +0000 (14:54 -0600)]
In replay_session() free iov at the end of the function (if needed)
instead of after processing each line from the timing file.
Coverity CID 104843.

8 years agoAdd io_log_read() and io_log_gets() to hide differences between
Todd C. Miller [Mon, 9 May 2016 20:27:33 +0000 (14:27 -0600)]
Add io_log_read() and io_log_gets() to hide differences between
gzread/fread and gzgets/fgets.  Check for premature EOF and error
from io_log_read().  Also sanity check the index in the timing file.
Coverity CID 104630.

8 years agoBreak up io_callback() into read_callback() and write_callback()
Todd C. Miller [Mon, 9 May 2016 16:53:20 +0000 (10:53 -0600)]
Break up io_callback() into read_callback() and write_callback()
to make it clear that we can't get an event with both read and write
set.

8 years agoIn io_callback() make sure we clear SUDO_EV_READ if we close the
Todd C. Miller [Sat, 7 May 2016 20:51:37 +0000 (14:51 -0600)]
In io_callback() make sure we clear SUDO_EV_READ if we close the
fd.  It should not be possible for SUDO_EV_READ to be set when
revent is non-NULL but this makes static analyzers happier.
Coverity CID 104124.

8 years agoIn sudo_krb5_copy_cc_file() move the close(ofd) to the done: label
Todd C. Miller [Sat, 7 May 2016 14:18:27 +0000 (08:18 -0600)]
In sudo_krb5_copy_cc_file() move the close(ofd) to the done: label
so we only have to cleanup in one place.  Coverity CID 104577.

8 years agoFix memory leak in sudo_netgroup_lookup() in the non-error case.
Todd C. Miller [Sat, 7 May 2016 13:57:15 +0000 (07:57 -0600)]
Fix memory leak in sudo_netgroup_lookup() in the non-error case.
Coverity CID 104572, 104573, 104574, 104575.

8 years agoFix fd leak in sudo_krb5_copy_cc_file() if restore_perms() fails.
Todd C. Miller [Sat, 7 May 2016 13:49:35 +0000 (07:49 -0600)]
Fix fd leak in sudo_krb5_copy_cc_file() if restore_perms() fails.
Coverity CID 104571.

8 years agoFree the events and event base before returning from replay_session().
Todd C. Miller [Sat, 7 May 2016 11:16:03 +0000 (05:16 -0600)]
Free the events and event base before returning from replay_session().
Coverity CID 104116, 104117.

8 years agoIn sudo_edit_create_tfiles(), fix fd leak if sudo_edit_mktemp() fails.
Todd C. Miller [Sat, 7 May 2016 11:10:11 +0000 (05:10 -0600)]
In sudo_edit_create_tfiles(), fix fd leak if sudo_edit_mktemp() fails.
Coverity CID 104114.

8 years agoFix fd leak in sudo_edit_open_nonwritable() if dir_is_writable()
Todd C. Miller [Sat, 7 May 2016 11:07:38 +0000 (05:07 -0600)]
Fix fd leak in sudo_edit_open_nonwritable() if dir_is_writable()
returns an error.  Coverity CID 104113.

8 years agoFix memory leak of sesh_args in selinux_edit_copy_tfiles().
Todd C. Miller [Sat, 7 May 2016 11:05:30 +0000 (05:05 -0600)]
Fix memory leak of sesh_args in selinux_edit_copy_tfiles().
Coverity CID 104112.

8 years agoFix memory leak in get_editor() if resolve_editor() fails with
Todd C. Miller [Sat, 7 May 2016 10:59:56 +0000 (04:59 -0600)]
Fix memory leak in get_editor() if resolve_editor() fails with
an error.  Coverity CID 104107.

8 years agoFix memory leak on error if sudo_new_key_val() fails.
Todd C. Miller [Sat, 7 May 2016 10:57:11 +0000 (04:57 -0600)]
Fix memory leak on error if sudo_new_key_val() fails.
Coverity CID 104103.

8 years agoIgnore the return value of the initial sudoersparse(), before
Todd C. Miller [Sat, 7 May 2016 10:52:21 +0000 (04:52 -0600)]
Ignore the return value of the initial sudoersparse(), before
we have actually edited any files.  Coverity CID 104078.

8 years agoIgnore the result of send() on exec error, if it fails the other
Todd C. Miller [Sat, 7 May 2016 10:47:12 +0000 (04:47 -0600)]
Ignore the result of send() on exec error, if it fails the other
end of the pipe is gone and we are headed for exit.
Coverity CID 104066.

8 years agoIn fill_args() clean up properly if there is an internal overflow
Todd C. Miller [Sat, 7 May 2016 10:37:55 +0000 (04:37 -0600)]
In fill_args() clean up properly if there is an internal overflow
(which should not be possible).  Coverity CID 104569.

8 years agoFix logic inversion in sudoers_gc_remove(), currently unused.
Todd C. Miller [Sat, 7 May 2016 10:33:45 +0000 (04:33 -0600)]
Fix logic inversion in sudoers_gc_remove(), currently unused.
Coverity CID 104568

8 years agoIn io_mkdirs(), change the order from stat then mkdir, to mkdir then stat.
Todd C. Miller [Fri, 6 May 2016 22:42:42 +0000 (16:42 -0600)]
In io_mkdirs(), change the order from stat then mkdir, to mkdir then stat.
This more closely matches what "mkdir -p" does.
Coverity CID 104120.

8 years agoIn ts_mkdirs(), change the order from stat then mkdir, to mkdir then stat.
Todd C. Miller [Fri, 6 May 2016 22:37:20 +0000 (16:37 -0600)]
In ts_mkdirs(), change the order from stat then mkdir, to mkdir then stat.
This more closely matches what "mkdir -p" does.
Coverity CID 104119.

8 years agoNewer versions of Ubuntu have switched from using the "admin" group
Todd C. Miller [Fri, 6 May 2016 20:30:46 +0000 (14:30 -0600)]
Newer versions of Ubuntu have switched from using the "admin" group
to the "sudo" group to align with Debian.  create_admin_success_flag()
now accepts either one.
https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1387347

8 years agoCast off_t printed via printf(3) instead of assuming it is long long.
Todd C. Miller [Fri, 6 May 2016 20:17:32 +0000 (14:17 -0600)]
Cast off_t printed via printf(3) instead of assuming it is long long.

8 years agoInstead of using stat(2) to see if the admin flag file exists and
Todd C. Miller [Fri, 6 May 2016 20:12:08 +0000 (14:12 -0600)]
Instead of using stat(2) to see if the admin flag file exists and
creating it if not, just try to create the file and treat EEXIST
as a non-error.  Coverity CID 104121.

8 years agoREADME file for the sample plugin that tells the user how to build,
Todd C. Miller [Fri, 6 May 2016 17:30:02 +0000 (11:30 -0600)]
README file for the sample plugin that tells the user how to build,
install and enable it.

8 years agoFix compilation error and export sample_policy struct.
Todd C. Miller [Fri, 6 May 2016 17:12:45 +0000 (11:12 -0600)]
Fix compilation error and export sample_policy struct.
From Michael Evans

8 years agoUpdate for 1.8.17
Todd C. Miller [Fri, 6 May 2016 15:44:52 +0000 (09:44 -0600)]
Update for 1.8.17

8 years agoSudo 1.8.17
Todd C. Miller [Fri, 6 May 2016 15:28:42 +0000 (09:28 -0600)]
Sudo 1.8.17

8 years agoCheck return value of restore_perms() in vlog_warning().
Todd C. Miller [Fri, 6 May 2016 15:26:45 +0000 (09:26 -0600)]
Check return value of restore_perms() in vlog_warning().
Coverity CID 104079.

8 years agoFix memory leaks in resolve_editor() in the error path.
Todd C. Miller [Fri, 6 May 2016 15:23:22 +0000 (09:23 -0600)]
Fix memory leaks in resolve_editor() in the error path.
Coverity CID 104109, 104110

8 years agoFix memory leak of gid_list in sudoers_policy_exec_setup() in the
Todd C. Miller [Fri, 6 May 2016 15:17:14 +0000 (09:17 -0600)]
Fix memory leak of gid_list in sudoers_policy_exec_setup() in the
error path.  Coverity CID 104111.

8 years agoFix fd leak in do_logfile() if we fail to lock the log file.
Todd C. Miller [Fri, 6 May 2016 15:12:39 +0000 (09:12 -0600)]
Fix fd leak in do_logfile() if we fail to lock the log file.
Coverity CID 104115.

8 years agoFix memory leak of sss_result in sudo_sss_lookup()
Todd C. Miller [Fri, 6 May 2016 14:22:03 +0000 (08:22 -0600)]
Fix memory leak of sss_result in sudo_sss_lookup()
Coverity CID 104106

8 years agoFix fd leak in open_io_fd() if gzdopen/fdopen fails.
Todd C. Miller [Fri, 6 May 2016 14:11:34 +0000 (08:11 -0600)]
Fix fd leak in open_io_fd() if gzdopen/fdopen fails.
Coverity CID 104105

8 years agoFix fd leak in io_nextid() in error path.
Todd C. Miller [Fri, 6 May 2016 14:07:40 +0000 (08:07 -0600)]
Fix fd leak in io_nextid() in error path.
Coverity CID 104104

8 years agoCheck lseek() return value.
Todd C. Miller [Thu, 5 May 2016 22:46:25 +0000 (16:46 -0600)]
Check lseek() return value.
Coverity CID 104061.

8 years agoIgnore ts_write() return value when disabling an entry with a bogus
Todd C. Miller [Thu, 5 May 2016 22:30:11 +0000 (16:30 -0600)]
Ignore ts_write() return value when disabling an entry with a bogus
timestamp.  We ignore the timestamp entry even it doesn't succeed.
Coverity CID 104062.

8 years agoCast the return value of fcntl() to void when setting FD_CLOEXEC.
Todd C. Miller [Thu, 5 May 2016 22:16:24 +0000 (16:16 -0600)]
Cast the return value of fcntl() to void when setting FD_CLOEXEC.
Coverity CID 104063, 104064, 104069, 104070, 104071, 104072, 104073, 104074

8 years agoCast the return value of fcntl() to void when setting FD_CLOEXEC.
Todd C. Miller [Thu, 5 May 2016 22:09:51 +0000 (16:09 -0600)]
Cast the return value of fcntl() to void when setting FD_CLOEXEC.
Coverity CID 104075, 104076, 104077.

8 years agoAvoid a false positive. Coverity CID 104056.
Todd C. Miller [Thu, 5 May 2016 21:54:06 +0000 (15:54 -0600)]
Avoid a false positive.  Coverity CID 104056.

8 years agoAvoid calling fclose(NULL) on error in export_sudoers().
Todd C. Miller [Thu, 5 May 2016 21:14:57 +0000 (15:14 -0600)]
Avoid calling fclose(NULL) on error in export_sudoers().
Coverity CID 104091.

8 years agoIn fill_args(), check for "arg_size == 0" instead of
Todd C. Miller [Thu, 5 May 2016 21:12:37 +0000 (15:12 -0600)]
In fill_args(), check for "arg_size == 0" instead of
"sudoerslval.command.args == NULL" since the latter leads Coverity
to imply that sudoerslval.command.args could be NULL later on.
Coverity CID 104093.

8 years agoAvoid calling fclose(NULL) if the sudoers file is not secure and
Todd C. Miller [Thu, 5 May 2016 21:01:22 +0000 (15:01 -0600)]
Avoid calling fclose(NULL) if the sudoers file is not secure and
restore_perms() fails.  Coverity CID 104090.

8 years agoIn fill_args(), replace loop that increments arg_size() with
Todd C. Miller [Wed, 4 May 2016 22:59:04 +0000 (16:59 -0600)]
In fill_args(), replace loop that increments arg_size() with
a simple add and mask.  Should prevent a false positive from
Coverity CID 104094.

8 years agoIn parse_expr(), move the "bad" label after the "default" case in
Todd C. Miller [Wed, 4 May 2016 22:48:02 +0000 (16:48 -0600)]
In parse_expr(), move the "bad" label after the "default" case in
the switch(), not before it.  This seemed to confuse Covertity,
resulting in a false positive, CID 104095.

8 years agoFor "sudoreplay -l", not all predicates may be shortened to a single
Todd C. Miller [Wed, 4 May 2016 22:44:52 +0000 (16:44 -0600)]
For "sudoreplay -l", not all predicates may be shortened to a single
character.  Both 'c' and 't' have more than one possibility.

8 years agopid_t is defined by POSIX as a signed integer type so we don't need
Todd C. Miller [Wed, 4 May 2016 20:14:38 +0000 (14:14 -0600)]
pid_t is defined by POSIX as a signed integer type so we don't need
a cast when comparing to -1.

8 years agoIn dispatch_signal() for stopped processes check for tcgetpgrp()
Todd C. Miller [Wed, 4 May 2016 20:13:44 +0000 (14:13 -0600)]
In dispatch_signal() for stopped processes check for tcgetpgrp()
returning -1.  Also change checks from "saved_pgrp != -1" to
"fd != -1".  Coverity CID 104098.

8 years agoIn relabel_tty() always jump to bad: on error, regardless of the
Todd C. Miller [Wed, 4 May 2016 19:48:44 +0000 (13:48 -0600)]
In relabel_tty() always jump to bad: on error, regardless of the
value of se_state.enforcing.  On error, return -1 if enforcing,
else 0.  Coverity CID 104099.